TECHNIQUE TO ESTABLISH WIRELESS SESSION KEYS SUITABLE FOR ROAMING

FIELD OF THE INVENTION 

This invention relates to authentication technologies generally and particularly to authentication techniques in a wireless network.

BACKGROUND OF THE INVENTION 

A wireless network is a flexible data communication medium implemented as an extension for, or as an alternative to, a wired network. By using radio frequency (RF) technology, wireless networks transmit and receive data over the air, minimizing the need for, and the cost typically associated with, wired connections. Moreover, wireless networks offer mobility and flexibility for users. For example, doctors and nurses in hospitals are able to use hand-held devices or notebook computers to access patient information from a server through wireless networks without having to search for a physical jack to plug their devices or computers into.
Figure 1 demonstrates a prior art wireless network configuration. Specifically, the network configuration comprises wireless stations 108 and 110, wireless medium 106 and access points 100, 102 and 104. Wireless stations 108 and 110 communicate with access points 100, 102 and 104 through electromagnetic airwaves 106. Access points 100, 102 and 104 are also connected to wired network 112 and have access to the network resources of wired network 112, such as server 114, network printer 116 or other devices coupled to wired network 112. It should be noted that wireless stations 108 and 110 are not stationary and are not tied to any particular access point. For instance, wireless station 108 may seamlessly move from the coverage area of access point 100 to the coverage area of access point 104 and still maintain its data connections with the access points.

Despite the portability and the convenience that wireless technology offers, there is still no comprehensive security scheme to ensure the privacy and integrity of the data on wireless networks. For instance, one existing approach is to utilize static keys to encrypt data on a wireless link. Such encrypted data are vulnerable to attack, because the probability of deciphering them is much greater than if the data were encrypted with constantly changing keys. Another approach involves wireless stations sharing a group key with an access point. Thus, when any one device on a wireless network falls into the hands of an attacker, the security of every system in the network is compromised. Yet another approach has every wireless station share one key. As a result, any wireless station is capable of decrypting the traffic of any other wireless station.

As has been demonstrated, an improved method and an apparatus are needed 
to enhance the security of a wireless network. 
BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and is not limited by the figures of the accompanying drawings, in which like references indicate similar elements, and in which:

Figure 1 illustrates a prior art wireless network configuration.

Figure 2 illustrates one embodiment of the present invention, a secured wireless roaming system.

Figure 3(a) illustrates a block diagram of one embodiment of a wireless station in accordance with the present invention.

Figure 3(b) illustrates a block diagram of one embodiment of an access point in accordance with the present invention.

Figure 4 illustrates a flow chart of one process that one embodiment of a wireless station in accordance with the present invention follows.

Figure 5 illustrates a flow chart of one process that one embodiment of an access point in accordance with the present invention follows.
DETAILED DESCRIPTION

A method and an apparatus for establishing secured roaming are disclosed. In the following description, numerous specific details are set forth, such as the Kerberos protocol, in order to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that the invention may be practiced without these particular details. In other instances, well-known elements and theories, such as cryptographic systems, have not been discussed in detail in order to avoid obscuring the present invention.

In addition, the term "wireless station" is used throughout the following discussion to refer to any network device that uses some wireless Local Area Network (hereinafter LAN) technology to communicate with a wired network. It can be either an end system or a switching element. Also, a "secured" session refers to information exchanges between two networking devices, where some form of security measures safeguard such exchanges. A "replay attack" describes one form of attack on a security system. Specifically, a perpetrator who launches such an attack intercepts messages destined for a recipient and replays those intercepted messages back to the recipient.

Unless specifically stated otherwise, the term "Kerberos protocol" refers to Kerberos Version 5, released on May 5, 1995. It is an authentication protocol that allows entities to authenticate their identities to one another over physically insecure networks while still preventing eavesdropping and replay attacks. It also incorporates cryptographic systems to further provide for data stream integrity (such as detection of modification) and secrecy (such as preventing unauthorized reading). The Kerberos protocol operates within the Kerberos infrastructure, which comprises, but is not limited to, the following:

1) Key Distribution Center (KDC): maintains and controls the distribution of session keys. A KDC is also considered a special type of authentication server in the following discussion.

2) Session key: information that enables two systems to establish a secured session. Session keys have a limited life span. Thus, if a secured session is not established within a certain period of time, a new session key is needed.

3) Kerberos client: initiates key distribution from the KDC and then uses the distributed session key to initiate a session with a peer.

4) Kerberos server: the peer system with which the Kerberos client wishes to establish a secured session.

5) Ticket: a Kerberos data structure that grants the Kerberos client access to the Kerberos server.

6) Authenticator: a Kerberos data structure that the Kerberos client uses to authenticate itself to a Kerberos server and also to challenge the Kerberos server to authenticate itself to the Kerberos client.

7) Response: a Kerberos data structure that the Kerberos server uses to authenticate itself to the Kerberos client.

Figure 2 illustrates one embodiment of the present invention, a secured wireless roaming system (hereinafter SWRS) 200. SWRS 200 comprises one or more specially configured wireless stations, such as wireless station 202, at least two specially configured access points, such as access points 206 and 208, and authentication server 210. Access points 206 and 208 are coupled to authentication server 210 via wired network 212 and are further coupled to wireless station 202 via wireless network 204. Authentication server 210 is responsible for maintaining and providing security information and safeguarding the integrity of wired network 212 and wireless network 204. The interactions among access points 206 and 208, wireless station 202 and authentication server 210 for creating a secured roaming environment will be discussed with examples in the subsequent section that details the operations of SWRS 200.

Figure 3(a) illustrates a block diagram of one embodiment of wireless station 202. Wireless station 202 comprises control unit 300, transmitter 302, receiver 304, filter 306 and antenna 308. Control unit 300 is mainly responsible for, but not limited to, preparing data for transmission and consuming received data. One embodiment of control unit 300 includes two functional blocks: encryption/decryption engine 314 and authentication protocol engine 316. An alternative embodiment of control unit 300 may also incorporate a frequency channel selector to dynamically choose an appropriate frequency channel for wireless station 202. Encryption/decryption engine 314 encrypts data that wireless station 202 transmits and decrypts data that wireless station 202 receives with the appropriate keys. Additionally, authentication protocol engine 316 contains procedures for wireless station 202 to adhere to in order to further protect the overall integrity of wireless network 204 and wired network 212. Specific examples of the mentioned authentication procedures will be provided in the subsequent section.

Transmitter 302 and receiver 304 share antenna 308. On receive path 310, filter 306 filters out signals received by antenna 308 that are outside of a predetermined frequency range. Receiver 304 is then responsible for extracting data from the filtered signals and passing the resulting data to control unit 300. On transmit path 312, control unit 300 sends prepared data to transmitter 302. Transmitter 302 modulates the prepared data with a carrier of the proper frequency and sends the modulated signal to filter 306. Filter 306 again eliminates spurious signals outside of the desired frequency range before transmitting the final filtered signal through antenna 308.

Figure 3(b) demonstrates a block diagram of one embodiment of access point 206 (or access point 208). Similar to wireless station 202, access point 206 also has control unit 318, transmitter 320, receiver 322, filter 324 and antenna 326. Its control unit 318 has encryption/decryption engine 334 and authentication protocol engine 336 that perform the same functions for access point 206 as encryption/decryption engine 314 and authentication protocol engine 316 do for wireless station 202. In addition, access point 206 has wired-network connection interface 328 to communicate with wired network 212 as shown in Figure 2.

Operations of a Wireless Station and Access Points in a Secured Wireless Roaming System

One specific embodiment of SWRS 200 mainly applies the Kerberos protocol to secure communications among wireless station 202 and access points 206 and 208. In other words, authentication protocol engine 316 (Figure 3(a)) of wireless station 202 and authentication protocol engine 336 (Figure 3(b)) of access points 206 and 208 are specially configured to execute authentication procedures and to handle data structures specified by the Kerberos protocol. However, these authentication protocol engines 316 and 336 also perform tasks that are either absent from or distinct from the Kerberos protocol.

Figure 4 describes a flow chart of one process that one embodiment of wireless station 202 follows. This figure assumes the following: 1) authentication server 210 as shown in Figure 2 is the KDC; 2) wireless station 202 does not yet have the session key to set up a secured session with access point 206, session_key206; 3) wireless station 202 is currently in the coverage area of access point 206 and will "roam" into the coverage area of access point 208; 4) access points 206 and 208 share one group identification, ID_g; and 5) the session key for wireless station 202 to establish a secured session with access point 208 is denoted session_key208.

In conjunction with Figures 2 and 3, instead of acting like a Kerberos client as in a typical application of the Kerberos protocol, authentication protocol engine 316 instructs wireless station 202 to behave as a Kerberos server and provides access point 206 with its identity information in block 400. Then authentication protocol engine 316 waits to respond to access point 206's attempt to establish a secured session using the newly obtained session_key206 in block 402. A session is considered secured when wireless station 202 and access point 206 complete their mutual authentication within the lifetime of session_key206. After authentication protocol engine 316 confirms that a secured session has been established, wireless station 202 obtains ID_g from access point 206 in block 404. ID_g enables wireless station 202 to access all the access points that share the same ID_g, such as access point 208.

However, wireless station 202 cannot proceed to establish a secured session with access point 208 unless it has another valid session key, session_key208. As wireless station 202 moves into the coverage area of access point 208, authentication protocol engine 316 switches wireless station 202's role back to being a Kerberos client and requests session_key208 from authentication server 210 in block 408. It is important to note that in a typical application of the Kerberos protocol, a Kerberos client needs to have the identity information of a peer system prior to initiating a session with such a system. In contrast, one embodiment of wireless station 202 simply uses session_key208 and ID_g to initiate a session with access point 208 in block 410.

Figure 5 illustrates a flow chart of one process that one embodiment of access point 206 (Figure 2) follows. This figure also relies on the same five assumptions described above. In parallel to the discussion for wireless station 202 above, authentication protocol engine 336 instructs access point 206 to behave as a Kerberos client instead of a Kerberos server. Thus, access point 206 initiates session key distribution from authentication server 210 and attempts to establish a secured session with wireless station 202 using session_key206 in block 500. After a secured session has been established in block 502, authentication protocol engine 336 provides wireless station 202 with ID_g in block 504.

Authentication protocol engine 336 then directs access point 206 to serve as a proxy, or relay agent, for wireless station 202. As a result, when access point 206 receives a session key request message, such as a ticket request message, from wireless station 202, encryption/decryption engine 334 decrypts the message and authentication protocol engine 336 relays the decrypted message to authentication server 210 in block 506. Similarly, authentication protocol engine 336 also relays session_key208 from authentication server 210 to wireless station 202 after the session key becomes available. However, before the actual relay occurs, authentication protocol engine 336 appends certain information to session_key208 to set the lifetime of the session key in block 508. In one embodiment, authentication protocol engine 336 selects and appends the current time of day, T, and a random number, N, to the session key.

In addition to the block diagrams shown in Figures 2, 3(a) and 3(b) and the flow charts shown in Figures 4 and 5, the following tables further demonstrate implementation details of one embodiment of SWRS 200. Phase 1 corresponds to blocks 400, 402 and 404 as illustrated in Figure 4 and blocks 500, 502 and 504 as illustrated in Figure 5. Phase 2 corresponds to blocks 408, 506 and 508. Finally, phase 3 corresponds to block 410.
Phase 1:

Wireless station 202 -> access point 206: ID_w
    Wireless station 202 sends its identity information to access point 206.

Access point 206 -> KDC: ID_ap206, ID_w, N_ap206
    In addition to the identity information of access point 206 and wireless station 202, access point 206 also creates and sends a randomly generated number, N_ap206, to the KDC. This message that access point 206 sends to the KDC is also referred to as the ticket request message.

KDC -> access point 206: E(K_w; K206, ID_ap206, L_ap206), E(K_ap; K206, N_ap206, L_ap206, ID_w)
    Note 1: The notation E(K; ***) means that *** is encrypted using encryption key K.
    Note 2: Session key K206 has a lifetime of L_ap206.
    After the KDC generates session key K206, the KDC encrypts the session key with the encryption keys of wireless station 202, K_w, and of access point 206, K_ap, and sends the encrypted messages to access point 206. These messages are also referred to as the ticket granting message. Encryption/decryption engine 334 of access point 206 deciphers the part of the ticket granting message that was encrypted with K_ap, the key it already knows, and passes the decrypted message on to authentication protocol engine 336. Authentication protocol engine 336 then verifies the value of N_ap206 to ensure that the reply answers its own request and that the information from the KDC has not been tampered with.

Access point 206 -> wireless station 202: E(K_w; K206, ID_ap206, L_ap206), E(K206; ID_ap206, T1)
    Note: T1 represents the time at which access point 206 issues this challenge message.
    Authentication protocol engine 336 of access point 206, as discussed above, has access point 206 act as a Kerberos client and send its targeted Kerberos server, wireless station 202, a challenge message. A challenge message includes a ticket and an authenticator. In this case, the ticket is E(K_w; K206, ID_ap206, L_ap206) and the authenticator is E(K206; ID_ap206, T1).

Wireless station 202 -> access point 206: E(K206; T1)
    Wireless station 202 has from time T1 to T1 + L_ap206 to authenticate itself to access point 206 by sending this response message, E(K206; T1), to access point 206.

Access point 206 -> wireless station 202: E(K206; ID_g)
    Access point 206 shares the group identity information with wireless station 202.


Phase 2:

Wireless station 202 -> access point 206: E(K206; ID_w, ID_g, N_w)
    Note: N_w is a random number that wireless station 202 generates.
    As mentioned in prior sections, wireless station 202 has changed back to being a Kerberos client. It generates and sends a ticket request message to access point 206, secured by session key K206.

Access point 206 -> KDC: ID_w, ID_g, N_w
    Access point 206 serves as a proxy for wireless station 202.

KDC -> access point 206: E(K_g; K208, ID_w, L_ap208), E(K_w; K208, N_w, L_ap208, ID_g)
    Note: The KDC creates a second session key, K208, to allow wireless station 202 to establish a secured session with access point 208. K_g is the key corresponding to group identity ID_g, shared by access points 206 and 208. It is important to emphasize that wireless station 202 relies on ID_g and does not need to depend on the identity information of access point 208 to set up the secured session. As a result, wireless station 202 avoids executing the same authentication sequences with access point 208 as it does with access point 206 and shortens the time required to establish the secured session with access point 208.
    The KDC responds to the ticket request message with a ticket granting message.

Access point 206 -> wireless station 202: E(K206; E(K_g; K208, ID_w, L_ap208), E(K_w; K208, N_w, L_ap208, ID_g), T2, E(K_g; N, ID_w, T2))
    Note: Wireless station 202 may execute the phase 2 protocol at any moment during the time from T1 to T1 + L_ap206.
    Access point 206 selects a time T2, selects a random number N, and appends T2 and E(K_g; N, ID_w, T2) to the ticket granting message in order to enforce the lifetime of session_key208. Because only a holder of K_g can produce E(K_g; N, ID_w, T2), this prevents wireless station 202 from specifying an unauthorized value for T2.



Phase 3:

Wireless station 202 -> access point 208: ID_w, E(K_g; K208, ID_w, L_ap208), E(K208; ID_w, T2), E(K_g; N, ID_w, T2)
    Access point 208 decrypts the ticket E(K_g; K208, ID_w, L_ap208) with the group key K_g to obtain K208. With the remaining information it receives, it can verify the identity of wireless station 202 and determine the validity period of session_key208 (i.e. from T2 to T2 + L_ap208). Since T2 is taken from E(K_g; N, ID_w, T2), which wireless station 202 cannot forge, the station cannot extend the validity period by choosing its own T2.

Access point 208 -> wireless station 202: E(K208; ID_g), E(K208; N', ID_w)
    The encrypted payload E(K208; N', ID_w) protects wired network 212 against replay attacks. In other words, because access point 208 keeps generating new values of N', wireless station 202 can rely on the varying N' values to detect attempts to replay messages from access point 208.

Wireless station 202 -> access point 208: E(K208; N')
    Wireless station 202 proves that it indeed has session_key208.
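The three phases above, together with the Figure 4 and Figure 5 narrative, carried out end to end as one runnable exchange. This is an added example, not code from the patent. It assumes: E(K; ...) is realised with a toy encrypt-then-MAC scheme built from HMAC-SHA256 in the Python standard library (a real deployment would use an AEAD such as AES-GCM); principal identifiers are the short strings "w", "ap206" and "g"; the KDC holds K_w, K_ap and the group key K_g and looks K_g up by ID_g; times are integers in seconds passed in explicitly so the lifetime checks are deterministic; and, as in the Phase 3 row, the station presents the K_g-encrypted ticket to access point 208. All function and variable names are the example's own.

```python
import hashlib, hmac, json, os

# E(K; ...) stand-in: HMAC-SHA256 keystream plus HMAC tag (assumption; use a real AEAD in practice)
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _ks(ek, nonce, n):
    return b"".join(hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))

def E(key, **fields):
    """Encrypt-then-MAC a dict of fields under key; bytes values are hex-encoded first."""
    pt = json.dumps({k: v.hex() if isinstance(v, bytes) else v for k, v in fields.items()},
                    sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or a tampered message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(_sub(key, b"enc"), nonce, len(ct)))))

class KDC:
    """Holds the long-term keys: K_w ("w"), K_ap of access point 206 ("ap206"), group key K_g ("g")."""
    def __init__(self, keys, lifetime=300):
        self.keys, self.L = keys, lifetime
    def ticket_request(self, client, server, nonce):
        """Ticket granting message: E(K_server; K, client, L) and E(K_client; K, N, L, server)."""
        K = os.urandom(32)
        return (E(self.keys[server], K=K, client=client, L=self.L),
                E(self.keys[client], K=K, N=nonce, L=self.L, server=server))

def phase1(kdc, now, Kw, Kap):
    """Access point 206 is the Kerberos client, the station the Kerberos server."""
    N_ap = os.urandom(8).hex()                         # W -> AP206: ID_w ; AP206 -> KDC: ID_ap206, ID_w, N_ap206
    ticket, ap_part = kdc.ticket_request("ap206", "w", N_ap)
    ap = D(Kap, ap_part)                               # AP206 opens its part with K_ap and checks N_ap206
    if ap["N"] != N_ap or ap["server"] != "w":
        raise ValueError("KDC reply does not answer this request")
    K206, L206, T1 = bytes.fromhex(ap["K"]), ap["L"], now
    auth = E(K206, client="ap206", T=T1)               # AP206 -> W: ticket + authenticator E(K206; ID_ap206, T1)
    t = D(Kw, ticket); K206_w = bytes.fromhex(t["K"])  # station opens the ticket with K_w ...
    a = D(K206_w, auth)                                # ... and the authenticator with K206
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    resp = D(K206, E(K206_w, T=a["T"]))                # W -> AP206: response E(K206; T1)
    if resp["T"] != T1 or not (T1 <= now <= T1 + L206):
        raise ValueError("response outside the lifetime of session_key206")
    ID_g = D(K206_w, E(K206, g="g"))["g"]              # AP206 -> W: E(K206; ID_g)
    return K206, ID_g

def phase2(kdc, now, Kw, Kg, K206, ID_g):
    """Station is Kerberos client again; AP206 proxies the request and binds the lifetime."""
    N_w = os.urandom(8).hex()
    req = D(K206, E(K206, client="w", server=ID_g, N=N_w))          # W -> AP206: E(K206; ID_w, ID_g, N_w)
    ticket_g, w_part = kdc.ticket_request(req["client"], req["server"], req["N"])   # AP206 <-> KDC
    T2, N = now, os.urandom(8).hex()                                  # AP206 picks T2, N; seals them under K_g
    relay = D(K206, E(K206, ticket=ticket_g, part=w_part, T2=T2, proof=E(Kg, N=N, client="w", T=T2)))
    w = D(Kw, bytes.fromhex(relay["part"]))                           # station opens its part with K_w
    if w["N"] != N_w or w["server"] != ID_g:
        raise ValueError("ticket reply does not match the request")
    return bytes.fromhex(w["K"]), bytes.fromhex(relay["ticket"]), relay["T2"], bytes.fromhex(relay["proof"])

def phase3(now, Kg, ID_g, K208_w, ticket_g, T2, proof):
    """Station reaches access point 208 with ID_g and session_key208; AP208 needs only K_g."""
    auth = E(K208_w, client="w", T=T2)                  # W -> AP208: ID_w, ticket, E(K208; ID_w, T2), E(K_g; N, ID_w, T2)
    t = D(Kg, ticket_g); K208 = bytes.fromhex(t["K"])   # AP208 opens the ticket with the group key
    a, p = D(K208, auth), D(Kg, proof)
    if not (t["client"] == a["client"] == p["client"] == "w") or a["T"] != p["T"]:
        raise ValueError("T2 must be the value AP206 sealed under K_g, not a station-chosen one")
    if not (p["T"] <= now <= p["T"] + t["L"]):
        raise ValueError("session_key208 expired")
    Np = os.urandom(8).hex()                            # AP208 -> W: E(K208; ID_g), E(K208; N', ID_w); fresh N' defeats replays
    chal = D(K208_w, E(K208, g=ID_g, N=Np, client="w"))
    return D(K208, E(K208_w, N=chal["N"]))["N"] == Np   # W -> AP208: E(K208; N') proves it holds session_key208

def demo():
    """One run with constructed keys: returns (roaming succeeded, expired key rejected)."""
    Kw, Kap, Kg = os.urandom(32), os.urandom(32), os.urandom(32)
    kdc = KDC({"w": Kw, "ap206": Kap, "g": Kg}, lifetime=300)
    K206, ID_g = phase1(kdc, 1000, Kw, Kap)
    K208, ticket_g, T2, proof = phase2(kdc, 1100, Kw, Kg, K206, ID_g)
    roamed = phase3(1150, Kg, ID_g, K208, ticket_g, T2, proof)
    try:
        phase3(T2 + 301, Kg, ID_g, K208, ticket_g, T2, proof)
        expired = False
    except ValueError:
        expired = True
    return roamed, expired

if __name__ == "__main__":
    print(demo())   # (True, True)
```

Running the module prints (True, True): the station roams to access point 208 using only ID_g and session_key208, and presenting the same material after T2 + L_ap208 is refused. The checks in phase3 are where the scheme's security lives: access point 208 accepts T2 only because it arrives sealed under K_g, which the station never holds, so the station cannot stretch the key's validity window, and the fresh N' in each challenge lets the station distinguish a live access point 208 from a replayed message.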
Thus, a method and an apparatus for establishing secured roaming have been disclosed. Although the secured wireless roaming system has been described particularly with reference to the figures, one with ordinary skill in the art may further divide or combine the functionality of its functional blocks. For example, an ordinarily skilled artisan may combine encryption/decryption engine 314 and authentication protocol engine 316 into one integrated component. Finally, despite the detailed discussion of the Kerberos protocol, one of ordinary skill in the art could employ other authentication protocols without departing from the spirit and scope of the present invention.



CLAIMS

What is claimed is:

1. A method for establishing secured roaming among a wireless station, a first and a second access points, comprising:

a. the first access point requesting a first ticket from an authentication server and using the first ticket to establish a first secured session with the wireless station; and

b. in response to a second ticket request from the wireless station through the first secured session, the first access point forwarding the second ticket request to the authentication server and relaying a resulting second ticket from the authentication server to the wireless station.

2. The method according to claim 1, the method further comprises:

applying the second ticket and a group identity shared by the first and the second access points to establish a second secured session between the wireless station and the second access point.

3. The method according to claim 1, the method further comprises:

a. the authentication server dynamically generating a first and a second session keys to include in the first and the second tickets, respectively; and

b. the authentication server encrypting the first and the second tickets with a first and a second encryption keys.

4. The method according to claim 3, the first and the second session keys have limited lifetime.

5. The method according to claim 3, the method further comprises:

a. the first access point appending application specific information to the second ticket to formulate a combined message; and

b. the first access point encrypting the combined message with the first session key.

6. The method according to claim 5, the application specific information further comprises the first access point's selected time and random number.

7. An access point in a secured wireless roaming system, comprising:

a. an antenna;

b. a filter coupled to the antenna;

c. a receiver and a transmitter coupled to the filter; and

d. a control unit coupled to the receiver and the transmitter and coupled to a wired-network connection interface, wherein the control unit further comprises an authentication protocol engine that

i. requests a first ticket from an authentication server and uses the first ticket to establish a first secured session with a wireless station; and

ii. in response to a second ticket request from the wireless station through the first secured session, forwards the second ticket request to the authentication server and relays a resulting second ticket from the authentication server to the wireless station.



8. The access point according to claim 7, the control unit further comprises: 
an encryption/decryption engine to decrypt the second ticket request before 
the authentication protocol engine forwards the second ticket request. 



9. The access point according to claim 7, wherein the authentication server 
further: 

a. dynamically generates a first and a second session keys to include in the 
first and the second tickets, respectively; and 
b. encrypts the first and the second tickets with a first and a second encryption keys.



10. The access point according to claim 9, the first and the second session keys have limited lifetime.

11. The access point according to claim 8, further comprises:

a. the authentication protocol engine to append application specific information to the second ticket to formulate a combined message; and

b. the encryption/decryption engine to encrypt the combined message with the first session key.

12. The access point according to claim 11, the application specific information further comprises the access point's selected time and random number.

13. A wireless station in a secured wireless roaming system, comprising: 

a. an antenna; 

b. a filter coupled to the antenna; 

c. a receiver and a transmitter coupled to the filter; and 

d. a control unit coupled to the receiver and the transmitter, wherein the control unit further comprises an authentication protocol engine that requests a second ticket from an authentication server via an access point after having used a first ticket to establish a first secured session with the access point.

14. The wireless station according to claim 13, comprising: 

the authentication protocol engine to apply the second ticket and a group 
identity shared by the first and a second access points to establish a second 
secured session with the second access point. 

15. A secured wireless roaming system, comprising: 
a wired medium; 

a wireless medium; 

an authentication server coupled to the wired medium; 

a wireless station coupled to the wireless medium; and 

an access point coupled to the wireless medium and the wired medium, 

wherein the access point comprises: 

i. a first control unit, comprising a first authentication protocol 

engine to request a first ticket from the authentication server and 
use the first ticket to establish a first secured session with the 
wireless station; and

ii. in response to a second ticket request from the wireless station through the first secured session, to forward the second ticket request to the authentication server and relay a resulting second ticket from the authentication server to the wireless station.

16. The secured wireless roaming system according to claim 15, wherein the wireless station further comprises:

a second authentication protocol engine to apply the second ticket and a group identity shared by the first and a second access points to establish a second secured session with the second access point.

17. The secured wireless roaming system according to claim 15, the first control unit further comprises:

an encryption/decryption engine to decrypt the second ticket request before the authentication protocol engine forwards the second ticket request.

18. The secured wireless roaming system according to claim 15, wherein the authentication server further:

a. dynamically generates a first and a second session keys to include in the first and the second tickets, respectively; and

b. encrypts the first and the second tickets with a first and a second encryption keys.

19. The secured wireless roaming system according to claim 18, the first and the second session keys have limited lifetime.

20. The secured wireless roaming system according to claim 17, further comprising:

a. the first authentication protocol engine to append application specific information to the second ticket to formulate a combined message; and

b. the first encryption/decryption engine to encrypt the combined message with the first session key.

21. The secured wireless roaming system according to claim 20, the application specific information further comprises the access point's selected time and random number.
ABSTRACT OF THE DISCLOSURE

A method and an apparatus for establishing secured roaming among wireless 
devices are disclosed. In one embodiment, a first access point requests a first ticket 
from an authentication server and uses that first ticket to establish a first secured 
session with a wireless station. In response to a second ticket request from the 
wireless station through the first secured session, the first access point forwards the 
second ticket request to the authentication server and also relays a resulting second 
ticket from the authentication server back to the wireless station. 
APPENDIX B

Title 37, Code of Federal Regulations, Section 1.56
Duty to Disclose Information Material to Patentability

(a) A patent by its very nature is affected with a public interest. The public interest is best served, and the most effective patent examination occurs when, at the time an application is being examined, the Office is aware of and evaluates the teachings of all information material to patentability. Each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in this section. The duty to disclose information exists with respect to each pending claim until the claim is cancelled or withdrawn from consideration, or the application becomes abandoned. Information material to the patentability of a claim that is cancelled or withdrawn from consideration need not be submitted if the information is not material to the patentability of any claim remaining under consideration in the application. There is no duty to submit information which is not material to the patentability of any existing claim. The duty to disclose all information known to be material to patentability is deemed to be satisfied if all information known to be material to patentability of any claim issued in a patent was cited by the Office or submitted to the Office in the manner prescribed by §§1.97(b)-(d) and 1.98. However, no patent will be granted on an application in connection with which fraud on the Office was practiced or attempted or the duty of disclosure was violated through bad faith or intentional misconduct. The Office encourages applicants to carefully examine:

(1) Prior art cited in search reports of a foreign patent office in a counterpart application, and 

(2) The closest information over which individuals associated with the filing or prosecution of a 
patent application believe any pending claim patentably defines, to make sure that any material information 
contained therein is disclosed to the Office. 

(b) Under this section, information is material to patentability when it is not cumulative to information already of record or being made of record in the application, and

(1) It establishes, by itself or in combination with other information, a prima facie case of unpatentability of a claim; or

(2) It refutes, or is inconsistent with, a position the applicant takes in: 

(i) Opposing an argument of unpatentability relied on by the Office, or 

(ii) Asserting an argument of patentability. 

A prima facie case of unpatentability is established when the information compels a conclusion that a claim is 
unpatentable under the preponderance of evidence, burden-of-proof standard, giving each term in the claim 
its broadest reasonable construction consistent with the specification, and before any consideration is given to 
evidence which may be submitted in an attempt to establish a contrary conclusion of patentability. 

(c) Individuals associated with the filing or prosecution of a patent application within the meaning of this section are:

(1) Each inventor named in the application;

(2) Each attorney or agent who prepares or prosecutes the application; and 

(3) Every other person who is substantively involved in the preparation or prosecution of the 
application and who is associated with the inventor, with the assignee or with anyone to whom there is an 
obligation to assign the application. 

(d) Individuals other than the attorney, agent or inventor may comply with this section by 
disclosing information to the attorney, agent, or inventor. 